#!/usr/bin/perl 
#
# Actual content (web page stuff) begins at [TTT]
# 
BEGIN{
	push (@INC, "./libs/");
}

use strict;
use CGI;

my $expiry = "+15m";
my $path = "/cgi-bin/test/";
my $cookie_name = "test";

# Get all the data we need from the HTTP request
my $query = CGI->new();
my $uid = $query->param("user");
my $pass = $query->param("pass");
my $id_string = $query->cookie($cookie_name);
$id_string =~ s/\%([A-Fa-f0-9]{2})/pack('C', hex($1))/seg; # url decode
my $ip = $ENV{'REMOTE_ADDR'};

# Make sure the user is logged in.
if(!($uid && $pass)) {
	# not logging in
	if(!$id_string) {
		# no cookie
		print $query->header();
		print $query->start_html();
		login();
		print $query->end_html();
	} else {
		# cookie
		do_stuff(sub {
			my $reply = shift;
			if(!defined($reply)) {
				# invalid
				print $query->header();
				print $query->start_html();
				login();
			} else {
				# valid
				my $cookie = 
  				$query->cookie(	-name	=> $cookie_name,
						-value	=> $id_string,
						-expires=> $expiry);
				print $query->header(-cookie => $cookie);
				print $query->start_html();
				$uid = $reply;
				page();
			}
			}, "cookie", $id_string, $ip);
		print $query->end_html();
	}

} else {
	# log in with a password
	do_stuff(sub {
		$id_string = shift;
		if(!defined($id_string)) {
			# invalid 
			print $query->header();
			print $query->start_html();
			login();
		} else {
			# valid
			my $cookie = $query->cookie(	-name 	=> $cookie_name,
						-value		=> $id_string,
						-expires	=> $expiry);
			print $query->header(	-cookie	=> $cookie);
			print $query->start_html();
			page();
		}
	}, "passwd", $uid, $pass, $ip);
		print $query->end_html();
}

# call suid_core.pl to do priveledged operations for us
sub do_stuff {
	my $kont = shift;
	my @args = @_;
	# fork!	
	my $fd = open(FD, "-|");
	die "Can't open pipe." unless defined($fd);
	if($fd == 0) {
		# child process execs the suid wrapper
		exec "./suid_core.pl", @args;
	}else{
		# meanwhile the parent catches the output
		my $reply = <FD>;
		close FD;
		&${kont}($reply);
	}
}


# Content starts here [TTT]

# Present a login screen
sub login {
		print  '<form method="post" action="'.$path.'main.cgi" enctype="multipart/form-data">
		user: <input type="text" name="user"><br>
		pass: <input type="password" name="pass"><br>
		<input type="submit" value="login">
		</form>';
} 

# The main content for valid users
sub page {
	print "Logged in as $uid.<br>";
	my $action = $query->param("do");
	if(!defined($action)) {
		print "What would you like to do?<br>";
		print  '<form method="post" action="'.$path.'main.cgi" enctype="multipart/form-data">';
		print '<input type="radio" name="do" value="logout"> ';
		print "logout <br>";
		print '<input type="radio" name="do" value="file"> ';
		print "get a file <br>";
		print "<input type='text' name='filename'>";
		print '<input type="submit">';
		print "</form>";
		print $query->end_html();
	} else {
		if($action eq "logout") {
			do_stuff(sub {print(@_)}, "logout", $id_string, $ip);
		} elsif ($action eq "file") {
			my $fn = $query->param("filename");
			do_stuff(sub {print(@_)}, "file", $id_string, $fn, $ip);
		}
	}
}
